Grep-Cheat-sheet


🔍 grep + Regex Cheat Sheet

Pattern Meaning Example
. Any single character gr.p → matches grep, grap, gr0p
.* Any number of any characters (including none) ap.*he → matches apache, apX123he
^word Line starts with word ^ssh → matches lines starting with ssh
word$ Line ends with word php$ → matches lines ending in php
[abc] Any single character a, b, or c gr[ae]y → matches gray, grey
[0-9] Any single digit port [0-9] → matches port 1, port 7
[a-z] Any lowercase letter [a-z]at → matches cat, bat
[^abc] NOT a, b, or c gr[^a]p → matches grep, grxp but not grap
word1\|word2 Either word1 OR word2 (-E needed) grep -E "apache\|nginx"
? Previous char is optional (-E needed) colou?r → matches color, colour
+ One or more of previous (-E needed) ap+le → matches apple, appple
{n} Exactly n occurrences (-E) a{3} → matches aaa
{n,} At least n occurrences a{2,} → matches aa, aaa, aaaa…
{n,m} Between n and m occurrences a{2,4} → matches aa, aaa, aaaa
\. Literal dot 2\.4\.49 → matches version string exactly

✅ Useful Pentesting One-Liners

  • Find Apache + PHP in exploits:
searchsploit | grep -i apache | grep -i php
  • Find Apache 2.x versions:
searchsploit | grep -E "apache 2\.[0-9]+\.[0-9]+"
  • Grab only service + version line from nmap:
nmap -sV target | grep -i "service\|version"
  • Extract only IPs:
grep -oE "([0-9]{1,3}\.){3}[0-9]{1,3}" file.txt